package com.learn.security.oauth2.resource.server.config;

import org.springframework.context.annotation.Bean;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;

/**
 * 资源服务配置
 *
 * @author knight
 */
@EnableWebSecurity
public class ResourceServerConfig {

	// @formatter:off
	@Bean
	SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
		http
			.securityMatcher("/messages/**")
				.authorizeHttpRequests(req -> req.requestMatchers("/messages/**")
						.hasAuthority("SCOPE_message.read"))
			.oauth2ResourceServer(r -> r.jwt(Customizer.withDefaults()));
		return http.build();
	}
	// @formatter:on

}
